Skip to content

build(deps): bump pypdf to 6.12.0 and tornado to 6.5.7#299

Merged
luarss merged 1 commit into
The-OpenROAD-Project:masterfrom
luarss:deps/bump-pypdf-tornado
Jun 13, 2026
Merged

build(deps): bump pypdf to 6.12.0 and tornado to 6.5.7#299
luarss merged 1 commit into
The-OpenROAD-Project:masterfrom
luarss:deps/bump-pypdf-tornado

Conversation

@luarss

@luarss luarss commented Jun 13, 2026
edited
Loading

Copy link
Copy Markdown
Collaborator

Summary

Supersedes #298 with updated versions (tornado resolved to 6.5.7, one patch ahead of the Dependabot PR).

  • pypdf 6.10.26.12.0 (backend): two security fixes — disallow cross-reference streams with zero-only width values, avoid excessive whitespace in layout mode text extraction
  • tornado 6.5.56.5.7 (evaluation, frontend): security/bug fixes including stripping auth headers on cross-origin redirects

Test plan

@luarss
build(deps): bump pypdf to 6.12.0 and tornado to 6.5.7
dafe0d5 
- pypdf 6.10.2 -> 6.12.0 (backend): includes two security fixes
  (disallow cross-ref streams with zero-only width values, avoid
  excessive whitespace in layout mode text extraction)
- tornado 6.5.5 -> 6.5.7 (evaluation, frontend): bug fixes including
  stripping auth headers on cross-origin redirects

Closes The-OpenROAD-Project#298 (dependabot PR superseded by newer tornado release)

Signed-off-by: Jack Luar <jluar@precisioninno.com>
@luarss luarss force-pushed the deps/bump-pypdf-tornado branch from 9bb718f to dafe0d5 Compare June 13, 2026 11:19
@luarss luarss merged commit 5a8e842 into The-OpenROAD-Project:master Jun 13, 2026
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@luarss